cvedb.io
CVE-2026-5194
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2026-04-09T20:16:28.420 · Last modified 2026-06-17T10:58:35.180

Summary

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.

Affected products

wolfssl — wolfssl

Does this affect you?

Add your gear to cvedb and we'll alert you only when wolfssl ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.